[ubuntu/noble-proposed] flatpak 1.14.6-1 (Accepted)
Jeremy Bícha
jeremy.bicha at canonical.com
Fri Apr 19 11:32:54 UTC 2024
flatpak (1.14.6-1) unstable; urgency=high
* New upstream stable release 1.14.6
- Don't allow an executable name to be misinterpreted as a command-line
option for bwrap(1). This prevents a sandbox escape where a malicious
or compromised app could ask xdg-desktop-portal to generate a .desktop
file with access to files outside the sandbox. (CVE-2024-32462)
- Don't parse `<developer><name/></developer>` as the application name
* d/control: Drop alternative dependencies on transitional policykit-1.
polkitd was released in Debian 12 and Ubuntu 22.04.
Date: 2024-04-18 22:28:47.491837+00:00
Signed-By: Jeremy Bícha <jeremy.bicha at canonical.com>
https://launchpad.net/ubuntu/+source/flatpak/1.14.6-1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list